Use of com.sun.identity.saml.AssertionManagerClient in project OpenAM by OpenRock.
Class DefaultActionMapper, method getSSOAssertion.
/**
 * Examines the Evidence in the AuthorizationDecisionQuery and returns the
 * first Assertion that {@code SAMLUtils.isAuthNAssertion} accepts.
 * <p>
 * Intended contract: the first valid Assertion that contains at least one
 * AuthenticationStatement. Assertions embedded in the Evidence are tried
 * first; after that each AssertionIDReference is resolved, either through the
 * local AssertionManager or, when {@code SAMLUtils.getServerURL} yields a URL
 * for the reference, through an AssertionManagerClient for that server.
 * <p>
 * NOTE(review): the only acceptance test visible here is
 * {@code SAMLUtils.isAuthNAssertion}. Unlike convertEvidence, this method does
 * not itself call {@code isSignatureValid()} / {@code isTimeValid()} or check
 * issuer trust for embedded assertions; confirm that the helper or the caller
 * does so before the result is treated as proof of authentication.
 * <p>
 * NOTE(review): the remote URL is derived from the reference value carried in
 * the query; confirm that {@code SAMLUtils.getServerURL} only ever returns
 * servers from this deployment's configuration.
 *
 * @param query the authorization decision query; may be null
 * @param sourceID passed through unchanged to {@code getAssertion}
 * @return the first accepted Assertion, or null when the query or its
 *         Evidence is null or no candidate is accepted
 * @see com.sun.identity.saml.plugins.ActionMapper#getSSOAssertion
 */
public Assertion getSSOAssertion(AuthorizationDecisionQuery query, String sourceID) {
    if (query == null) {
        return null;
    }
    Evidence evidence = query.getEvidence();
    if (evidence == null) {
        return null;
    }

    // Pass 1: assertions embedded directly in the Evidence.
    Set embeddedAssertions = evidence.getAssertion();
    if (embeddedAssertions != null) {
        for (Object candidate : embeddedAssertions) {
            Assertion embedded = (Assertion) candidate;
            if (SAMLUtils.isAuthNAssertion(embedded)) {
                return embedded;
            }
        }
    }

    // Pass 2: assertions that the Evidence only references by ID.
    Set references = evidence.getAssertionIDReference();
    if (references == null) {
        return null;
    }
    Iterator refIter = references.iterator();
    try {
        AssertionManager localManager = AssertionManager.getInstance();
        while (refIter.hasNext()) {
            AssertionIDReference ref = (AssertionIDReference) refIter.next();
            Assertion resolved;
            try {
                // A non-null URL means the lookup is delegated to that server.
                String peerUrl = SAMLUtils.getServerURL(ref.getAssertionIDReference());
                if (peerUrl == null) {
                    resolved = localManager.getAssertion(ref, sourceID);
                } else {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message(
                            "DefaultActionMapper: calling another in lb site:" + peerUrl);
                    }
                    AssertionManagerClient peer =
                        new AssertionManagerClient(SAMLUtils.getFullServiceURL(peerUrl));
                    resolved = peer.getAssertion(ref, sourceID);
                }
            } catch (Exception e) {
                // A reference that cannot be resolved is skipped, never accepted.
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message(
                        "DefaultActionMapper.getSSOAssertion: exception when retrieving Assertion from IDRef:"
                            + e);
                }
                continue;
            }
            if (SAMLUtils.isAuthNAssertion(resolved)) {
                return resolved;
            }
        }
    } catch (Exception e) {
        // Besides a failing getInstance(), this also catches anything thrown in
        // the loop outside the inner try (the cast, isAuthNAssertion); the
        // remaining references are then not examined and null is returned.
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message(
                "DefaultActionMapper: Couldn't obtain AssertionManager instance:" + e);
        }
    }
    return null;
}
Use of com.sun.identity.saml.AssertionManagerClient in project OpenAM by OpenRock.
Class DefaultActionMapper, method convertEvidence.
/**
 * Collects environment parameters from the assertions carried or referenced
 * by the given Evidence, using {@code SAMLUtils.addEnvParamsFromAssertion}.
 * <p>
 * Referenced assertions (AssertionIDReference) are resolved through the local
 * AssertionManager, or through an AssertionManagerClient when
 * {@code SAMLUtils.getServerURL} yields a URL, and are added without a
 * signature or time check. Embedded assertions are added only when
 * {@code isSignatureValid()} and {@code isTimeValid()} both hold and the
 * issuer is either this site's configured issuer name or a site known to
 * {@code SAMLUtils.getSourceSite}.
 * <p>
 * NOTE(review): skipping validation for referenced assertions presumably
 * assumes they come from this deployment's own assertion store; confirm that
 * this also holds for the AssertionManagerClient path.
 * <p>
 * NOTE(review): confirm that {@code isSignatureValid()} reports false for an
 * assertion that carries no signature; otherwise the issuer comparison below
 * would be made against an unauthenticated issuer string.
 *
 * @param evidence the Evidence to read; may be null
 * @param subject passed through to {@code addEnvParamsFromAssertion}
 * @param sourceID passed through unchanged to {@code getAssertion}
 * @return a map of environment parameters, empty when evidence is null
 */
private Map convertEvidence(Evidence evidence, Subject subject, String sourceID) {
    Map envParams = new HashMap();
    if (evidence == null) {
        return envParams;
    }
    String localIssuerName =
        (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);

    // Part 1: assertions referenced by ID.
    Set references = evidence.getAssertionIDReference();
    if (references != null) {
        Iterator refIter = references.iterator();
        try {
            AssertionManager localManager = AssertionManager.getInstance();
            while (refIter.hasNext()) {
                AssertionIDReference ref = (AssertionIDReference) refIter.next();
                Assertion resolved;
                try {
                    // A non-null URL means the lookup is delegated to that server.
                    String peerUrl = SAMLUtils.getServerURL(ref.getAssertionIDReference());
                    if (peerUrl == null) {
                        resolved = localManager.getAssertion(ref, sourceID);
                    } else {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message(
                                "DefaultActionMapper:calling another server in lb site:" + peerUrl);
                        }
                        AssertionManagerClient peer =
                            new AssertionManagerClient(SAMLUtils.getFullServiceURL(peerUrl));
                        resolved = peer.getAssertion(ref, sourceID);
                    }
                } catch (Exception e) {
                    // An unresolvable reference contributes nothing.
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message(
                            "DefaultActionMapper: couldn't retrieve assertion from idRef:" + e);
                    }
                    continue;
                }
                // no need to check signature or time validation
                SAMLUtils.addEnvParamsFromAssertion(envParams, resolved, subject);
            }
        } catch (Exception e) {
            // Also reached when the cast or addEnvParamsFromAssertion throws;
            // the remaining references are then skipped.
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message(
                    "DefaultActionMapper: Couldn't obtain AssertionManager instance:" + e);
            }
        }
    }

    // Part 2: assertions embedded in the Evidence; these are validated first.
    Set embeddedAssertions = evidence.getAssertion();
    if (embeddedAssertions != null) {
        for (Object candidate : embeddedAssertions) {
            Assertion embedded = (Assertion) candidate;
            if (embedded.isSignatureValid() && embedded.isTimeValid()) {
                String issuer = embedded.getIssuer();
                boolean issuedHere =
                    (localIssuerName != null) && localIssuerName.equals(issuer);
                // An issuer other than this server must be a known source site.
                if (!issuedHere && SAMLUtils.getSourceSite(issuer) == null) {
                    continue;
                }
                SAMLUtils.addEnvParamsFromAssertion(envParams, embedded, subject);
            }
        }
    }
    return envParams;
}